<?
/**
 * Print the static <head> markup shared by Book Square pages: the meta tags,
 * the favicon links, the global stylesheet import and the page title.
 *
 * The markup is fixed; nothing request-dependent is interpolated into it.
 * Tags are joined with "\n" and no newline follows the closing </title>.
 *
 * @return void
 */
function metadata()
{
	$headTags = array(
		"<meta http-equiv='Content-Type' content='text/html; charset=UTF-8'>",
		"<meta http-equiv='page-enter' content='blendTrans(Duration=0.5)'>",
		"<meta http-equiv='imagetoolbar' content='no'>",
		"<meta http-equiv='expires' content='Sat, 18 May 2012 23:59:59 GMT'>",
		"<meta http-equiv='pragma' content='no-cache'>",
		"<meta name='keywords' content='Book Square'>",
		"<meta name='description' content='Book Square to trading book in James Cook University Singapore'>",
		"<meta name='author' content='James Cook University Singapore by Sprakling Team'>",
		"<meta name='publisher' content='James Cook University Singapore by Sprakling Team'>",
		"<meta name='copyright' content='&copy; 2012. James Cook University Singapore by Sprakling Team'>",
		"<meta name='page-topic' content='Book Square index page'>",
		"<meta name='distribution' content='global'>",
		"<meta name='content-language' content='en'>",
		"<meta name='robots' content='index, follow'>",
		"<meta name='revisit-after' content='30 days'>",
		// Favicons are addressed from the site root ...
		"<link href='/asset/img/favicon.ico' rel='shortcut icon' type='image/x-icon'>",
		"<link href='/asset/img/favicon.ico' rel='icon' type='image/x-icon'>",
		// ... while the stylesheet import is relative to the requesting page.
		"<style type='text/css' title='currentStyle' media='all'>/*<![CDATA[*/@import url('asset/css/class_global.css');/*]]>*/</style>",
		"<title>BOOK SQUARE</title>",
	);

	echo implode("\n", $headTags);
}

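/**
 * Open the MySQL connection and select the application schema.
 *
 * Uses the legacy mysql_* extension (removed in PHP 7). The link opened here
 * is the one later mysql_* calls use when they pass no link argument, so a
 * move to mysqli or PDO has to be made together with the callers.
 *
 * Connection settings are read from the environment variables listed below
 * (names introduced by this function) and fall back to the previous
 * hard-coded local values when a variable is not set.
 *
 * On failure the script terminates with a generic message. The driver's
 * error text is written to the error log rather than the response, because
 * it can name the database host and account.
 *
 * @return void
 */
function connect_db(){
	// NOTE(review): a commented-out call carrying a hostname, account and
	// password for a remote database used to sit here. It has been removed;
	// anything that was committed that way should be treated as exposed and
	// rotated.
	//
	// NOTE(review): this file opens with the short "<?" tag. Where
	// short_open_tag is disabled the source is sent to the client as text,
	// which is one more reason to keep secrets out of the file.
	$settings = array(
		'BOOKSQUARE_DB_HOST' => 'localhost',
		'BOOKSQUARE_DB_USER' => 'root',   // fallback only; the application should use a least-privileged account
		'BOOKSQUARE_DB_PASS' => 'root',   // fallback only; a development default, not a production secret
		'BOOKSQUARE_DB_NAME' => 'booksquare',
	);
	foreach ($settings as $variable => $default) {
		$value = getenv($variable);
		$settings[$variable] = ($value === false) ? $default : $value;
	}

	$con = mysql_connect(
		$settings['BOOKSQUARE_DB_HOST'],
		$settings['BOOKSQUARE_DB_USER'],
		$settings['BOOKSQUARE_DB_PASS']
	);
	if (!$con) {
		error_log('connect_db: mysql_connect failed: ' . mysql_error());
		die('Could not connect');
	}

	// The original ignored this result; a failed schema selection would only
	// surface later as failing queries.
	if (!mysql_select_db($settings['BOOKSQUARE_DB_NAME'], $con)) {
		error_log('connect_db: mysql_select_db failed: ' . mysql_error($con));
		die('Could not connect');
	}

	// NOTE(review): no connection character set is chosen here.
	// mysql_real_escape_string() escapes according to the connection's
	// character set, so confirm the server default matches the UTF-8 pages
	// or set it explicitly with mysql_set_charset().
}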

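/**
 * Reduce a value to plain text: drop <script> blocks and HTML tags, collapse
 * whitespace after line breaks, decode a fixed set of HTML entities plus
 * decimal numeric entities, delete single quotes, then run strip_tags().
 *
 * The numeric-entity step used the preg_replace "e" (evaluate replacement as
 * PHP) modifier. That modifier was removed in PHP 7, where the whole
 * preg_replace() call fails and this function returned an empty string for
 * every input. The step now uses preg_replace_callback(), which also avoids
 * evaluating generated code.
 *
 * Limits a caller must know about:
 *  - The result can still contain double quotes, ampersands and stray angle
 *    brackets. It is not safe to place into HTML (attributes in particular)
 *    without htmlspecialchars() at output time.
 *  - Deleting single quotes is not SQL escaping; queries should use bound
 *    parameters.
 *  - chr() yields single bytes, so decoded entities above 127 are not valid
 *    UTF-8 on their own and code points above 255 are not decoded to their
 *    character.
 *
 * @param mixed $aman Value to clean; non-scalar values (arrays, objects,
 *                    null) yield an empty string.
 * @return string Cleaned text, or '' when a pattern step fails.
 */
function security($aman)
{
	// Request parameters can arrive as arrays; refuse anything that is not a
	// single scalar value instead of passing it into the string functions.
	if (!is_scalar($aman)) {
		return '';
	}

	$search = array ("'<script[^>]*?>.*?</script>'si",  // Strip out javascript
	                 "'<[\/\!]*?[^<>]*?>'si",           // Strip out HTML tags
	                 "'([\r\n])[\s]+'",                 // Strip out white space
	                 "'&(quot|#34);'i",                 // Replace HTML entities
	                 "'&(amp|#38);'i",
	                 "'&(lt|#60);'i",
	                 "'&(gt|#62);'i",
	                 "'&(nbsp|#160);'i",
	                 "'&(iexcl|#161);'i",
	                 "'&(cent|#162);'i",
	                 "'&(pound|#163);'i",
	                 "'&(copy|#169);'i");

	$replace = array ("",
	                  "",
	                  "\\1",
	                  "\"",
	                  "&",
	                  "<",
	                  ">",
	                  " ",
	                  chr(161),
	                  chr(162),
	                  chr(163),
	                  chr(169));

	// Patterns are applied in order, each on the previous result, so an
	// entity revealed by an earlier decode is decoded by a later pattern.
	$text = preg_replace($search, $replace, (string) $aman);
	if ($text === null) {
		// PCRE failure (for example a backtrack limit): fail closed.
		return '';
	}

	// Decimal numeric entities -> one byte each. The modulo keeps the
	// argument inside chr()'s 0..255 range.
	$text = preg_replace_callback(
		"'&#(\d+);'",
		function ($match) {
			return chr(((int) $match[1]) % 256);
		},
		$text
	);
	if ($text === null) {
		return '';
	}

	// Runs after entity decoding so quotes written as entities are removed too.
	$text = str_replace("'", "", $text);

	// Final pass: entity decoding above may have produced new tags.
	return strip_tags($text);
}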

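/**
 * Demonstration helper: escape a user name with mysql_real_escape_string(),
 * build a SELECT statement around it and print the statement. The query is
 * only displayed, never executed.
 *
 * The original body read a local $name_bad that was never defined, so it
 * always escaped an empty string (and raised an undefined-variable notice).
 * The value is now an optional parameter; calling with no argument keeps the
 * previous result.
 *
 * NOTE(review): mysql_real_escape_string() depends on the connection opened
 * by connect_db() and on that connection's character set. Queries that are
 * actually executed should use bound parameters (mysqli or PDO) instead of
 * string building.
 *
 * @param mixed $name_bad User-supplied name to escape; non-scalar values are
 *                        treated as an empty string.
 * @return void
 */
function sql_injection($name_bad = ''){
	connect_db();

	if (!is_scalar($name_bad)) {
		$name_bad = '';
	}

	$name_bad = mysql_real_escape_string((string) $name_bad);
	$query_bad = "SELECT * FROM customers WHERE username = '$name_bad'";

	// SQL escaping does nothing for the HTML context the text is printed
	// into, so the statement is HTML-escaped before it is echoed.
	echo "Escaped Bad Injection: <br />" . htmlspecialchars($query_bad, ENT_QUOTES, 'UTF-8') . "<br />";
}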

?>